1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

XSS and Phishing via Remote File Inclusion

Variants:
Direct Persistent Session 

Also Known As:
Remote File Inclusion, Phishing via Remote File Inclusion

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Input Validation, Secure Design

Invented In:
01/01/2001

Added In:
08/12/2014


Vector Operation Method:
Malicious inputs can include malicious content or malicious JS or VBS browser code within legitimate website content


Direct Variant:

XSS via Remote File Inclusion

Variant Title:
XSS via Remote File Inclusion

Typical Severity:
Major

Resources:

Other I

Other II

White Papers:

Learn More:


Persistent Variant:

Stored Remote File Inclusion

Also Known As:
Persistent Remote File Inclusion

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

Remote File Inclusion via Session Puzzling

Also Known As:
Session Remote File Inclusion

Typical Severity:
Major

Resources:

White Papers:

Learn More:




TECAPI ©

Join